package de.hska.pwmanager.controller;

import javax.servlet.http.HttpServletRequest;
import static de.hska.pwmanager.validation.ValidationUtils.*;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;

import de.hska.pwmanager.controller.errors.ValidationError;
import de.hska.pwmanager.controller.errors.ValidationException;
import de.hska.pwmanager.persistence.model.User;
import de.hska.pwmanager.persistence.model.dao.UserDao;
import de.hska.pwmanager.transfer.model.LoginParameter;
import de.hska.pwmanager.transfer.model.UpdatePassword;
import de.hska.pwmanager.transfer.model.UpdatePubkeyParameter;

@Controller
@RequestMapping(value = "login")
public class LoginController extends AbstractController {
	@Autowired(required = true)
	private HttpServletRequest request;
	@Autowired
	private UserDao userDao;

	@RequestMapping(value = "login_user", method = RequestMethod.POST)
	public @ResponseBody
	boolean login(@RequestBody LoginParameter parameterObject) {
		User user = this.userDao.findByUsername(parameterObject.getUsername());
		if (user != null
				&& user.getPassword().equals(parameterObject.getPassword())) {
			request.getSession().setAttribute("loggedInUser", user);
			return true;
		}
		return false;
	}

	@RequestMapping(value = "current_user", method = RequestMethod.GET)
	public @ResponseBody
	User getLoggedInUser() {
		return (User) request.getSession().getAttribute("loggedInUser");
	}

	@RequestMapping(value = "logout", method = RequestMethod.GET)
	public void logout() {
		request.getSession().setAttribute("loggedInUser", null);
	}

	@RequestMapping(value = "change_pw", method = RequestMethod.POST)
	public @ResponseBody void updatePassword(@RequestBody UpdatePassword password)
			throws ValidationException {
		User user = this.getLoggedInUser();
		this.validateNewPW(password);
		// ok now check the oldpw
		user.setPassword(password.getNewPassword());
		this.updateUser(user);
	}

	private @ResponseBody void validateNewPW(UpdatePassword updatePassword)
			throws ValidationException {
		User user = this.getLoggedInUser();
		ValidationException validationException = new ValidationException();
		if (user == null) {
			validationException.addError(new ValidationError("",
					"You're currently not logged in!"));
			validationException.throwMe();
		}
		if (isNullOrEmpty(updatePassword.getNewPassword())) {
			validationException.addError(new ValidationError("newPassword",
					"Password cannot be empty!"));
		}
		if (isNullOrEmpty(updatePassword.getOldPassword())) {
			validationException.addError(new ValidationError("oldPassword",
					"Old Password cannot be empty!"));
		} else {
			if (!user.getPassword().equals(updatePassword.getOldPassword())) {
				validationException.addError(new ValidationError("oldPassword",
						"Old Password isn't correct!"));
			}
		}

		validationException.throwMe();
	}

	@RequestMapping(value = "change_pubkey", method = RequestMethod.POST)
	public @ResponseBody void updatePubkey(@RequestBody UpdatePubkeyParameter parameterObject) {

		User user = this.getLoggedInUser();
		if (user != null) {
			user.setPubkey(parameterObject.pubkey);
			this.updateUser(user);
		}
	}

	private void updateUser(User user) {
		request.getSession().setAttribute("loggedInUser", user);
		this.userDao.save(user);
	}
}
